release-note-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and ingests public GitHub content (e.g., "pnpm dlx changelogithub --dry", "GitHub releases, PR lists" in SKILL.md Required Discovery steps), which are untrusted, user-generated third-party sources the agent must read and use to build facts and drive drafting of the release notes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Required Discovery step tells the operator to run "pnpm dlx changelogithub --dry --from ", which at runtime fetches and executes the external npm package (changelogithub from the npm registry), so remote code is executed and relied upon.